30 matches found
SUSE CVE-2026-54514
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...
CVE-2026-54512
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...
CVE-2026-54513 jackson-databind: Array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating th...
CVE-2026-54517
Summary: CVE-2026-54517 affects jackson-databind. In BeanDeserializer._deserializeUsingPropertyBased, the active-view filter was only applied to creator properties; the path for regular properties lacked a visibleInView check. This allowed setterless Collection/Map properties annotated with a res...
PT-2026-51602
Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description The UnwrappedPropertyHandler.processUnwrappedCreatorProperties function replays buffered JSON into creator parameters without consulting...
CVE-2026-44055
A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code...
CVE-2026-44055
Netatalk 3.1.4–4.4.2 contains a bitwise OR/logic bug that permits shell injection. The issue affects Netatalk’s AFP implementation and can lead to remote command execution (high impact). Fixed in version 4.4.3. Affected: Netatalk 3.1.4–4.4.2; Remediation: upgrade to 4.4.3 or later. Exploitation s...
CVE-2026-44055
A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code...
Netatalk 操作系统命令注入漏洞
Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.1.4 to 4.4.2 of Netatalk contained a vulnerability related to operating system command injection. This vulnerability...
PT-2026-42412
Name of the Vulnerable Software and Affected Versions Netatalk versions 3.1.4 through 4.4.2 Description A logic error involving bitwise OR operations allows a remote authenticated attacker to perform shell injection, enabling the execution of arbitrary OS commands. Recommendations Update to versi...
GHSA-C9PH-GXWW-7744 Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns
Impact A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.4.RELEASE. Although the library provides mechanisms to avoid the execution of potentially dangerous expressions in some specific sandboxed restricted contexts, it fails to...
CVE-2026-2892
Summary (CVE-2026-2892): The Otter Blocks WordPress plugin (all versions up to 3.1.4) is vulnerable to a Purchase Verification Bypass. The root cause is the get_customer_data function relying on an unsigned o_stripe_data cookie to determine Stripe product ownership for unauthenticated users, whil...
CLEANSTART-2026-FF20499 Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0
Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
WordPress Plugin BlueX for WooCommerce plugin <= 3.1.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Plugin BlueX for WooCommerce versions = 3.1.6...
EUVD-2025-34471
Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-61806
Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...
CVE-2025-61802 Substance3D - Stager | Use After Free (CWE-416)
Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-61807 Substance3D - Stager | Integer Overflow or Wraparound (CWE-190)
Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2025-42195
Name of the Vulnerable Software and Affected Versions Substance3D - Stager versions 3.1.4 and earlier Description An Integer Overflow or Wraparound issue exists in Substance3D - Stager. Successful exploitation could lead to arbitrary code execution with the privileges of the current user. User...
EUVD-2025-27968
Malicious code in bioql PyPI...